Debian / Ubuntu users – beware of the OpenSSL vulnerability

Post navigation

On Monday (the 12th) there was a post on isc.sans.org talking about how brute-force SSH attacks are on the rise. This report links to an useful paper which “investigates current methods and dictionaries used by attackers of SSH in the past several months”. Our findings from our own honeypots match up pretty closely with theirs, but it is mostly irrelevant if you are security conscious and don’t use weak passwords.

Or is it?

On Tuesday (the 13th) a weakness was reported in the random number generator used by OpenSSL on Debian and Ubuntu systems (CVE-2008-0166). This means that keys generated for use by OpenSSH, OpenVPN and SSL certificates have a decent chance of being identical to keys generated by anyone else who is also using an affected system. Not good. Ironically, it is going to be the security conscious amongst you who use keys for accessing SSH rather than passwords who are now more at risk.

H.D. Moore has written an interesting article on the metasploit website. Interested readers will be able to find his entire article if they want, but here is a particularly interesting quote:

“The blacklists published by Debian and Ubuntu demonstrate just how small the key space is. When creating a new OpenSSH key, there are only 32,767 possible outcomes for a given architecture, key size, and key type. The reason is that the only “random” data being used by the PRNG is the ID of the process.”.

He then goes on to explain how this can be used by attackers, as well as promising to release tools to exploit affected systems:

“In the near future, this site will be updated to include a brute force tool that can be used quickly gain access to any SSH account that allows public key authentication using a vulnerable key”

Great.

We can expect to see this style of attack becoming popular any day now (if they haven’t started already) so be prepared, update your system and change any weak keys.